Mostafa M. I. Taha

VANET-DSRC Protocol for Reliable Broadcasting of Life Safety Messages

This paper proposes a novel protocol for reliable broadcasting of life safety messages in Vehicular Ad-hoc Networks (VANETs) simulating reactions of car drivers. In case of any dramatic change of speed or moving direction, the vehicle is considered abnormal and hence it transmits an emergency warning message over the control channel of the Dedicated Short-Range Communication Protocol (DSRC). The proposed protocol gives the vehicle in the most dangerous situation the highest priority to transmit the acknowledgement signal. The choice of that vehicle is done locally based on the location, direction, and speed of the receiving vehicle. The superiority of the proposed protocol over existing protocols is highlighted conceptually and with simulations.

Differential Fault Intensity Analysis

Recent research has demonstrated that there is no sharp distinction between passive attacks based on side-channel leakage and active attacks based on fault injection. Fault behavior can be processed as side-channel information, offering all the benefits of Differential Power Analysis including noise averaging and hypothesis testing by correlation. This paper introduces Differential Fault Intensity Analysis, which combines the principles of Differential Power Analysis and fault injection. We observe that most faults are biased - such as single-bit, two-bit, or three-bit errors in a byte - and that this property can reveal the secret key through a hypothesis test. Unlike Differential Fault Analysis, we do not require precise analysis of the fault propagation. Unlike Fault Sensitivity Analysis, we do not require a fault sensitivity profile for the device under attack. We demonstrate our method on an FPGA implementation of AES with a fault injection model. We find that with an average of 7 fault injections, we can reconstruct a full 128-bit AES key.

QMS: Evaluating the Side-Channel Resistance of Masked Software from Source Code

Many commercial systems in the embedded space have shown weakness against power analysis based side-channel attacks in recent years. Designing countermeasures to defend against such attacks is both labor intensive and error prone. Furthermore, there is a lack of formal methods for quantifying the actual strength of a counter-measure implementation. Security design errors may therefore go undetected until the side-channel leakage is physically measured and evaluated. We show a better solution based on static analysis of C source code. We introduce the new notion of Quantitative Masking Strength (QMS) to estimate the amount of information leakage from software through side channels. The QMS can be automatically computed from the source code of a countermeasure implementation. Our experiments, based on side-channel measurement on real devices, show that the QMS accurately quantifies the side-channel resistance of the software implementation.

Side-Channel Analysis of MAC-Keccak

NIST recently completed the SHA-3 competition with the selection of Keccak as the new standard for crypto-graphic hashing. In this paper, we present a comprehensive Side-Channel Analysis of Keccak, when it is used with a secret key to generate a Message Authentication Code (MAC) (MAC-Keccak). Our analysis covers all the variations of the algorithm. We show that the side-channel resistance of the MAC-Keccak depends on the key-length used, and we derive the optimum key-length as ((n * rate) - 1), where (n ∈ [2 : ∞]) and rate is the Keccak input block size. Finally, the paper demonstrates the feasibility of our side-channel analysis with a practical attack against MAC-Keccak implemented on a 32-bit Microblaze processor.

Silent Simon: A threshold implementation under 100 slices

Lightweight Cryptography aims at achieving security comparable to conventional cryptography at a much lower cost. Simon is a lightweight alternative to AES, as it shares same cryptographic parameters, but has been shown to be extremely area-efficient on FPGAs. However, in the embedded setting, protection against side channel analysis is often required. In this work we present a threshold implementation of Simon. The proposed core splits the information between three shares and achieves provable security against first order side-channel attacks. The core can be implemented in less than 100 slices of a low-cost FPGA, making it the world smallest threshold implementation of a block-cipher. Hence, the proposed core perfectly suits highly-constrained embedded systems including sensor nodes and RFIDs. Security of the proposed core is validated by provable arguments as well as practical DPA attacks and tests for leakage quantification.

Differential Power Analysis of MAC-Keccak at Any Key-Length

Keccak is a new hash function selected by NIST as the next SHA-3 standard. Keccak supports the generation of Message Authentication Codes (MACs) by hashing the direct concatenation of a variable-length key and the input message. As a result, changing the key-length directly changes the set of internal operations that need to be targeted with Differential Power Analysis. The proper selection of these target operations becomes a new challenge for MAC-Keccak, in particular when some key bytes are hidden under a hierarchical dependency structure. In this paper, we propose a complete Differential Power Analysis of MAC-Keccak under any key-length using a systematic approach to identify the required target operations. The attack is validated by successfully breaking several, practically difficult, case studies of MAC-Keccak, implemented with the reference software code on a 32-bit Microblaze processor.

Key Updating for Leakage Resiliency With Application to AES Modes of Operation

Side-channel analysis (SCA) exploits the information leaked through unintentional outputs (e.g., power consumption) to reveal the secret key of cryptographic modules. The real threat of SCA lies in the ability to mount attacks over small parts of the key and to aggregate information over different encryptions. The threat of SCA can be thwarted by changing the secret key at every run. Indeed, many contributions in the domain of leakage resilient cryptography tried to achieve this goal. However, the proposed solutions were computationally intensive and were not designed to solve the problem of the current cryptographic schemes. In this paper, we propose a generic framework of lightweight key updating that can protect the current cryptographic standards and evaluate the minimum requirements for heuristic SCA-security. Then, we propose a complete solution to protect the implementation of any standard mode of Advanced Encryption Standard. Our solution maintains the same level of SCA-security (and sometimes better) as the state of the art, at a negligible area overhead while doubling the throughput of the best previous work.

Survey on Threats and Attacks on Mobile Networks

Since the 1G of mobile technology, mobile wireless communication systems have continued to evolve, bringing into the network architecture new interfaces and protocols, as well as unified services, high data capacity of data transmission, and packet-based transmission (4G). This evolution has also introduced new vulnerabilities and threats, which can be used to launch attacks on different network components, such as the access network and the core network. These drawbacks stand as a major concern for the security and the performance of mobile networks, since various types of attacks can take down the whole network and cause a denial of service, or perform malicious activities. In this survey, we review the main security issues in the access and core network (vulnerabilities and threats) and provide a classification and categorization of attacks in mobile network. In addition, we analyze major attacks on 4G mobile networks and corresponding countermeasures and current mitigation solutions, discuss limits of current solutions, and highlight open research areas.

Efficient and side-channel-secure block cipher implementation with custom instructions on FPGA

The security threat of side-channel analysis (SCA) attacks has created a need for SCA countermeasures. While many countermeasures have been proposed, a key challenge remains to design a countermeasure that is effective, that is easy to integrate in existing cryptographic implementations, and that has low overhead in area and performance. We present our solution in the context of an embedded design flow for FPGA. We integrate an SCA-resistant custom instruction set on a soft-core CPU. The SCA resistance is based on dual-rail precharge logic. A balanced-interleaved data format, combined with a novel memory organization, ensures that we can support both logic operations as well as lookup tables. The resulting countermeasure applies to a broad class of block ciphers. We demonstrate our results on an Altera Cyclone-II FPGA with Nios-II/s processor for a 128-bit Advanced Encryption Standard (AES) T-box implementation. We show SCA improvement of more than 400× for a system-wide electro-magnetic attack that covers both the FPGA and offchip memory (SSRAM). This comes at an overhead of 2.7× in performance and 1.15× in area. Using comparisons with related work, we demonstrate that this represents an excellent trade-off between SCA resistance, (software and hardware) design complexity, performance, and circuit area cost.

Lightweight Side Channel Resistance: Threshold Implementations of S imon

As networking has become major innovation driver for the Internet of Things as well as Networks on Chips, the need for effective cryptography in hardware is on a steep rise. Both cost and overall system security are the main challenges in many application scenarios, rather than high throughput. In this work we present area-optimized implementations of the lightweight block cipher Simon. All presented cores are protected against side channel attacks using threshold implementation, which applies secret sharing of different orders to prevent exploitable leakages. Implementation results show that, on FPGAs, the higher-order protected Simon core can be smaller than an unprotected AES core at the same security level against classic cryptanalysis. Also, the proposed secure cores consume less than 30 percent the power of any unprotected AES. Security of the proposed cores is validated by provable arguments as well as practical t-test based leakage detection methods. In fact, we show that the first-order protected Simon core does not have first-order leakage and is secure up to 10 million observations against higher-order attacks. The second-order secure implementation could not be exploited at all with up to 100 million observations.